Efail: Email Encryption Standards Vulnerable to Cyberattacks

Researchers from the University of Applied Sciences (FH) in Münster, Horst Görtz Institute for IT Security at Ruhr-Universität Bochum (RUB), and Katholieke Universiteit Leuven have released a paper demonstrating that the two most common email encryption standards are vulnerable to attacks.

Referred to as Efail, this exploit can allow an attacker to use the victim’s own email client to decrypt previously acquired messages and return the decrypted content to the attacker without alerting the victim.

Efail proved successful in 25 out of 35 tested email programs using the S/MIME encryption standard and in 10 out of 28 tested programs using OpenPGP.

Powerful attackers such as nation-state agencies are known to eavesdrop on the email communications of large numbers of people. To counter this, OpenPGP offers end-to-end encryption for sensitive communication, designed with such attackers in mind.

S/MIME is an alternative standard for email end-to-end encryption that is typically used to secure corporate email communication.

The Efail attacks exploit vulnerabilities in the OpenPGP and S/MIME standards to reveal the plaintext of encrypted emails.

PGP and S/MIME add a further layer of security to email communication. If used properly, both technologies should guarantee the confidentiality and authenticity of email messages even if an attacker has full access to an email account. The Efail attacks break this additional encryption layer.

The developers of the affected email programs have already been informed and have patched the vulnerabilities. However, this proof of concept is only one implementation of this new type of attack, and variants may soon emerge.

“… these countermeasures are specific hotfixes and we cannot rule out that extended attacks with further backchannels or exfiltrations will be found,” stated the researchers.

“Moreover, even if all backchannels are closed, both standards are still vulnerable to attacks where the attacker can modify email content or inject malicious code into attachments which get executed in a context beyond the email client.”